CNNVD-202509-4318 Information
Sep 29, 2025
CNNVD ID
CNNVD-202509-4318
Related CVE
-
CNNVD Published: 2025-09-29
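Description (translated from Chinese)
FreshRSS is a free, self-hostable RSS aggregator open-sourced by FreshRSS. FreshRSS 1.26.3 and earlier versions contain a cross-site scripting vulnerability. The vulnerability stems from certain event handler attributes in feed content not being sanitized, which may lead to cross-site scripting attacks.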
Description (English)
FreshRSS is a free, self-hostable open-source RSS aggregator from FreshRSS. FreshRSS 1.26.3 and earlier versions have a cross-site scripting vulnerability, which stems from certain event handler attributes in feed content not being sanitized and may lead to cross-site scripting attacks.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
FreshRSS
Published
2025-09-29
Last Modified
2026-02-24
References
https://github.com/FreshRSS/FreshRSS/commit/7df6c201f2e6a6521d20718dfd8d9794c7437d1f
https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-rwhf-vjjx-gmm9
Patch
https://github.com/FreshRSS/FreshRSS/releases